UK councils hit by 10,000 cyber-attacks every day in 2022


Cyber-criminals are increasingly targeting UK councils, with more than two million attempted attacks recorded in 2022 to date2

There has been a 14% rise in the number of cyber-attacks year-on-year

Phishing attacks are the biggest threat to councils with 75% stating it is the most common type of cyber-attack experienced

Councils in the UK are dealing with thousands of attempted cyber-attacks every day, with 2.3 million attacks being detected so far this year.

A Freedom of Information (FOI) request from insurance broking and risk management firm Gallagher investigated the scale of cyber-crime against UK councils, with 161 local authorities sharing information. Based on the proportion of councils who shared data on cyber-attacks, the size of the problem is likely to be significantly greater. Scaling up these figures accordingly to reflect response rates, the true number of attacks across all councils is estimated to be more than 11 million in 20224.

While most cyber-attacks are intercepted by IT security put in place by local authorities, the councils who shared data revealed that collectively they had paid out over £10 million over the past five years due to cyber-crime. This includes monies lost to hackers, legal costs and fines.

Phishing attacks are by far the biggest cyber threat to councils, with three-quarters (75%) stating that it was the most common type of attack that had been attempted against them. Distributed denial-of-service (DDoS) attacks, which attempts to disrupt web traffic or services by overwhelming servers, were the second most common attempt type – ranking as the top threat this year for 6% of councils.

The increased prevalence of cyber-crime has been exacerbated by increasing digitisation driven by the pandemic – affecting both the public and private sectors. In fact, according Gallagher statistics, 15% of UK business owners say cyber-crime is one of their biggest risks, specifically driven by the increased reliance on technology post-pandemic5.

As a result of this growing risk, in the last 12 months around half of councils (52%) have needed to employ an external expert to give them advice on how to mitigate the risk of cyber-attacks.

Nearly nine in 10 councils (85%) have increased their cyber security to help them cope with the volume and sophistication of attempted attacks, but despite these increased efforts to help guard against the growing threat, currently only 23% of councils currently hold a cyber-insurance policy to protect against the potential consequences.

Commenting on the findings, Johnty Mongan, Head of Cyber Risk Management at Gallagher, said: “Criminals unfortunately only know too well that cyber-attacks can cripple systems and with many councils increasingly servicing local people’s needs digitally, they simply cannot afford to experience downtime. It is positive to see that councils are recognising this threat, and looking to employ external experts to help prevent cyber-attacks – risk management and putting in the right security is absolutely key and external experts are best placed to advise what the most up to measures are.

Tim Devine, Managing Director for Government, Housing, Education & Public Sector at Gallagher: “It is important to have a plan in place should the worst happen. With so many attacks happening every day, it only takes one error to cause significant problems. The risk in terms of associated costs and reputational damage as a result of cyber threats means having specialist cyber insurance in place should be a key consideration but is by no means the only consideration for those wishing to mitigate the risks of an attack.”